Sun Java System Web Server 6.1 SP11 Administrator's Guide

Understanding Distinguished Names (DNs)

Use the Users and Groups tab of the Administration Server to create or modify users, groups, and organizational units. A user is an individual in your LDAP database, such as an employee of your company. A group is two or more users who share a common attribute. An organizational unit is a subdivision within your company that uses the organizationalUnit object class. Users, groups, and organizational units are described further later in this chapter.

Each user and group in your enterprise is represented by a Distinguished Name (DN) attribute. A DN attribute is a text string that contains identifying information for an associated user, group, or object. You use DNs whenever you make changes to a user or group directory entry. For example, you need to specify DN information each time you create or modify directory entries, set up access controls, and set up user accounts for applications such as mail or publishing. The users and groups interface of the Sun Java System Web Server Administration Console helps you create or modify DNs.

The following example represents a typical DN for an employee of Sun Microsystems:

uid=doe,e=doe@sun.com,cn=John Doe,o=Sun Microsystems Inc.,c=US

The abbreviations before each equal sign in this example have the following meanings:

DNs may include a variety of name-value pairs. They are used to identify both certificate subjects and entries in directories that support LDAP.
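
The following is an added example, not code from this guide or from the product. It splits a DN such as the one above into its name-value pairs while honouring backslash escapes, and it escapes a value before it is placed in a DN, so that a comma or equal sign in supplied text cannot turn into extra name-value pairs in a DN that is later used for access control. The function names and the MEANINGS table (the conventional meanings of these abbreviations) are assumptions; multi-valued RDNs and "#hex" values are not handled.

```python
# Added example (not from the guide): RFC 4514-style DN parsing and escaping.
# Simplified: no multi-valued RDNs ("+"), no "#hex" values, and hex escapes
# are decoded one byte at a time (ASCII only).
HEX = "0123456789abcdefABCDEF"
# Conventional meanings of the abbreviations in the guide's sample DN.
MEANINGS = {"uid": "user ID", "e": "email address", "cn": "common name",
            "o": "organization", "c": "country"}

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, honouring backslash escapes."""
    if not dn.strip():
        return []
    pairs, attr, buf, i = [], None, [], 0
    while i <= len(dn):
        ch = dn[i] if i < len(dn) else ","   # sentinel comma closes the last RDN
        if ch == "\\" and i + 1 < len(dn):
            nxt = dn[i + 1:i + 3]
            if len(nxt) == 2 and all(c in HEX for c in nxt):
                buf.append(chr(int(nxt, 16)))   # "\2C" form
                i += 3
            else:
                buf.append(dn[i + 1])           # "\," form
                i += 2
            continue
        if ch == "=" and attr is None:
            attr, buf = "".join(buf).strip().lower(), []
        elif ch == ",":
            if attr is None:
                raise ValueError("RDN without '=' in %r" % dn)
            pairs.append((attr, "".join(buf)))
            attr, buf = None, []
        else:
            buf.append(ch)
        i += 1
    return pairs

def escape_dn_value(value):
    """Escape a value so it stays inside one RDN when placed in a DN."""
    out = []
    for idx, ch in enumerate(value):
        edge_space = ch == " " and idx in (0, len(value) - 1)
        if ch in ',+"\\<>;=' or (ch == "#" and idx == 0) or edge_space:
            out.append("\\" + ch)
        else:
            out.append("\\00" if ch == "\x00" else ch)
    return "".join(out)

SAMPLE = "uid=doe,e=doe@sun.com,cn=John Doe,o=Sun Microsystems Inc.,c=US"
for attr, value in parse_dn(SAMPLE):
    print("%-3s %-15s %s" % (attr, MEANINGS.get(attr, "?"), value))
```

Splitting a DN on every comma gives the wrong result as soon as a value contains one, for example an organization written as "Sun Microsystems, Inc.", which is why the parser tracks escapes instead.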